Firewalls and logging

Discussion in 'other firewalls' started by bluedevil, Jul 14, 2006.

Thread Status:
Not open for further replies.
  1. bluedevil

    bluedevil Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    6
    Hello everyone,

    It seems I'm unable to find a proper replacement for Sygate Pro, and unfortunately it seems also that Sygate kills my internet connection nowadays... The main problem is that, yes, there are many promising firewalls with great protection abilities, of course, but as far as I know none of them can match Sygate's logging capabilities. It was nice to be able to log and view traffic packet by packet, and together with SPF Log Viewer one could also sort and filter those things quite efficiently. I think it's not enough that you just set up a firewall and check once that you're stealthed - you should as well be able to see what's going on and what has happened. As far as I know, this isn't a very well covered area; I've quick-tested many personal firewalls recently and it seems that only Outpost Pro comes close to Sygate in logging.

    I just wonder if anyone is aware of a firewall that has better logging functions than Outpost, or is there some kind of dedicated traffic logger (save windump) that could be used in conjunction with incident oriented logging functions usually (if at all) found in other firewalls? Or should I just trust that everything is ok until something nasty happens...

    Thanks in advance.
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi bluedevil, and Welcome to Wilders,

    I currently use Jetico PF which has the ability to set logging on each and every rule.
    For a stand-alone, as an example, there is Port Explorer.
     
  3. smf

    smf Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    31
    Outpost Pro or Blink have very good logging capabilities. What exactly are you expecting from the log?
     
  4. bluedevil

    bluedevil Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    6
    Thanks, Stem. I have tried Jetico PF briefly: I'd prefer one that runs as a service, though, and Jetico seems to be quite a beast to set up correctly. I'm testing Port Explorer right now - not quite there I think.

    smf: Blink... Haven't even heard about it. Maybe I should try and find out.

    Mostly I'm missing full packet logging, or whatever it was called, found in Sygate. It was able to catch each and every packet, at least in theory, and log them, so you could see which ports were tried, for example. ZA and the like log only blocked traffic, many others show policy changes and so on. Outpost isn't bad but it scatters logs, so you have many more places to check than in the case of Sygate.

    In short, I'm looking for a firewall with full packet logging and I'd like to be able to filter and sort logs according to my interests.

    Otherwise I'd perhaps take Comodo but now it seems that the Outpost is a way to go.
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi bluedevil,
    There are some programs (sniffers) you may find interesting here?
     
  6. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,188
    I find it strange that this happens. You may need to add some advanced ping rule if your internet connection has changed. There are a lot of posts in the Sygate forum from people who needed to add an advanced rule. You can find it in the FAQ.

    I currently run old Kerio 2.1.5. It is not a firewall for newbies, not an easy one like Sygate. It has the ability to log and alert on every rule if wanted. Sygate has some inherent rules that are not logged, for DNS, DHCP and NetBIOS protection etc. By making advanced rules for them that come before the application rules, I think, but am not sure, you can get them logged. Maybe disabling dynamic DHCP is needed.

    Kerio 2.1.5 has only a rudimentary log. It logs anything you want, but there is no sorting or anything that fancy like Sygate has. I never used the packet log in Sygate, though. Kerio 4 also allows you to log what you want, but it is the same, no log filtering or sorting. And I don't trust Kerio 4, it is not stable.

    Best wishes, Jarmo
     
  7. bluedevil

    bluedevil Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    6
    Thank you for the link, Stem: There are a couple of interesting programs there, though none of them can really replace Sygate's logging functions. Well, of course I could run Wireshark or Packetyzer all the time to see what's going on, or use windump, but I think it goes over the top. I'm mainly interested in ports, protocols and source addresses, not in contents. Moreover, using a sniffer would result in more analyzing work, as it doesn't tell whether a packet has been accepted or discarded by firewall.

    Jarmo P: I don't know why I can't access the net if Sygate is installed. It used to work, and I haven't changed my internet provider. Maybe my provider has made some changes or maybe it's something inside Windows. Strange, indeed, but I'm a bit reluctant to fiddle too much with an obsolete firewall, because it might be getting more and more unreliable as time goes by - though perhaps it's even more probable that hackers and crackers will lose their interest in it.

    It really seems there's no substitute for Sygate, and perhaps it's time to face the fact and move on.
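The post above describes exactly what a sniffer cannot give and a firewall log can: per-connection verdict (accepted or discarded), protocol, ports and source address, filterable and sortable. As an added example that is not part of the original thread and not code from Sygate, Outpost or any other product mentioned here, the following Python script parses a small constructed traffic log in a made-up line format, filters it by verdict, protocol, port or source, and sorts sources by how many blocked attempts they produced. The log lines, the `LogEntry` structure and the helper names are all assumptions for this example.

```python
"""Filter and sort a personal-firewall traffic log by verdict, protocol,
port and source address.  The line format below is constructed for this
example; it is not the real log format of any firewall product."""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Optional, Tuple

# Constructed sample log (not captured from a real system):
# date time VERDICT PROTO src_ip:src_port -> dst_ip:dst_port
SAMPLE_LOG = """\
2006-07-14 21:03:11 BLOCKED TCP 203.0.113.7:4412 -> 192.168.1.5:135
2006-07-14 21:03:12 BLOCKED TCP 203.0.113.7:4413 -> 192.168.1.5:139
2006-07-14 21:03:12 BLOCKED TCP 203.0.113.7:4414 -> 192.168.1.5:445
2006-07-14 21:03:15 ALLOWED UDP 192.168.1.5:1027 -> 192.168.1.1:53
2006-07-14 21:03:15 ALLOWED TCP 192.168.1.5:1028 -> 198.51.100.20:80
2006-07-14 21:04:02 BLOCKED UDP 198.51.100.99:1434 -> 192.168.1.5:1434
2006-07-14 21:04:40 BLOCKED TCP 203.0.113.7:4415 -> 192.168.1.5:445
"""


@dataclass(frozen=True)
class LogEntry:
    """One logged connection attempt with the firewall's verdict."""
    when: datetime
    verdict: str   # "ALLOWED" or "BLOCKED"
    proto: str     # "TCP" or "UDP"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def parse_line(line: str) -> LogEntry:
    """Parse one constructed-format log line into a LogEntry."""
    date, time, verdict, proto, src, arrow, dst = line.split()
    if arrow != "->":
        raise ValueError(f"unexpected log line: {line!r}")
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return LogEntry(datetime.fromisoformat(f"{date} {time}"), verdict,
                    proto, src_ip, int(src_port), dst_ip, int(dst_port))


def parse_log(text: str) -> List[LogEntry]:
    """Parse every non-empty line of the log text."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def select(entries: Iterable[LogEntry], verdict: Optional[str] = None,
           proto: Optional[str] = None, dst_port: Optional[int] = None,
           src_ip: Optional[str] = None) -> List[LogEntry]:
    """Keep only entries matching every filter that was given."""
    return [e for e in entries
            if (verdict is None or e.verdict == verdict)
            and (proto is None or e.proto == proto)
            and (dst_port is None or e.dst_port == dst_port)
            and (src_ip is None or e.src_ip == src_ip)]


def top_sources(entries: Iterable[LogEntry], n: int = 3) -> List[Tuple[str, int]]:
    """Source addresses sorted by number of log entries, most active first."""
    return Counter(e.src_ip for e in entries).most_common(n)


def ports_probed_by(entries: Iterable[LogEntry], src_ip: str) -> List[int]:
    """Sorted set of destination ports a source tried that the firewall blocked."""
    return sorted({e.dst_port for e in entries
                   if e.src_ip == src_ip and e.verdict == "BLOCKED"})


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    blocked = select(entries, verdict="BLOCKED")
    print(f"{len(blocked)} blocked of {len(entries)} logged attempts")
    for ip, count in top_sources(blocked):
        print(f"{ip}: {count} blocked, ports {ports_probed_by(entries, ip)}")
```

Running the script lists the blocked attempts per source and the ports each one tried, which is the kind of summary the thread wants from a firewall log rather than from a raw packet capture; swapping `parse_line` for a parser of a real product's export format is the only change needed to use it on actual data.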
     
  8. Jarmo P

    Jarmo P Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    1,188
  9. bluedevil

    bluedevil Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    6
    Well, perhaps "discontinued" would have been a more appropriate word than "obsolete".

    Anyway, I get a "limited or no connectivity" message every time I reboot my PC and there's no connection at all. Even if I shut down Sygate the connection stays down, so it's not too easy to search for cures on the net. So, from my point of view, it looks more like a driver level issue than a settings problem.

    And now I see... Sygate doesn't work with Kaspersky 2006, at least not in my case. I uninstalled KAV and the problem was gone. I suppose it is KAV's network module and I'm afraid it cannot be disabled.

    EDIT: Now that I'm using Sygate once again, together with Nod32, I see it wasn't the full packet logging that I missed. It's just that the basic traffic log gives me all the information I need: allowed and blocked connections, their IPs, ports and protocols, and they can be sorted and so on. SPF isn't a perfect firewall for sure, but it really has powerful logging capabilities, and that's why I like it so much. Let's hope that somebody in the right place is listening to me...
     
    Last edited: Jul 16, 2006